CloudConnect Debrief: Real Life Cloud Computing Lessons
At this week's CloudConnect conference, many attendees showed that they've moved from studying to implementing, says CIO.com's Bernard Golden. He shares some interesting lessons learned on cloud economics, IT organization and privacy issues.
Fri, March 11, 2011
I've only scratched the surface of the content of the conference. There was a track on private clouds, a couple of sessions of which I attended, though the one I missed was where the fireworks broke out. To my mind, the ultimate answer to this question of whether private clouds will prove a long-term solution will revolve around cost and scale — while agility (usually defined as delivering a virtual machine in 10 minutes) is valuable, it is nowhere near enough to satisfy the long-term implications of cloud computing.
Privacy and Compliance Progress?
There was also a track on culture, risk, and governance. I got to see Dr. Chenxi Wang, security analyst for Forrester, talk about international cloud computing, with a focus on international laws on privacy, compliance, and liability. Two nuggets from her talk:
In her discussions with international clients, Asian ones generally emphasize business opportunity over privacy, while European ones emphasize privacy, notwithstanding any potential lost business opportunities.
As a way of addressing the issue of locating data generated in one nation in another and determining what privacy laws apply, Dr. Wang described a nascent proposal for "digital embassies." Embassies are legally the property of the country whose embassy the building contains, not the property of the country in which the building is located. In the digital embassy concept, a data center in which data resides be subject would be subject to the compliance and privacy strictures of the country in which the data originates, rather than those of the country in which the data resides. It's an interesting concept, though, as noted, nascent.
More interesting, perhaps, is the impact on national privacy and compliance laws of the new application profiles similar to the example the fellow from Cedexis described — an application that is comprised of services (and thus data) from multiple data centers, each of which may be subject to a set of laws and regulations. A single application could, literally, have a large number of compliance conditions applicable to it, given its mishmosh of services and components.
There was enough food for thought at CloudConnect to form a gigantic banquet. I left more convinced of the power and inevitability of this form of computing, and sobered by the challenges and questions it poses.
Bernard Golden is CEO of consulting firm HyperStratus, which specializes in virtualization, cloud computing and related issues. He is also the author of "Virtualization for Dummies," the best-selling book on virtualization to date.